Is there a way to include Evidence File Name field in DLP queries tables columns ? I've tried every DLP Incident and operational template, but there is no evidence-related column to include.
Is there a way to trace back, without directlyaccessing SQL server, the Evidence File Name to the query template ?
Thank you for your time and support,
You'll need to use the Query Builder option in ePO Queries and Reports as I don't think this query type is used in the canned examples:
Hit the [New Query] button at the top
Choose 'Other' on the left then 'DLP Data In-use/motion Incidents History'
[Next] - choose whatever chart type you like but start with Table as it's the most simple
[Next] - choose your columns but include 'Evidence File Path'
[Next] - choose your filters or leave empty
Save and Run and you'll have all the evidence listed with their file paths.
Now you can go back and choose different filters, columns, chart types until you're happy with the output!
Thank you for the promptitude of your answer.
The Result Type in Query Builder is conditioning the columns which could be used. To have the names of the files (Evidence File Name) witten on USB removable storage (Removable Storage Protection) , I found DLP Data In-use/motion Incidents result type.